Vulnerability Details : CVE-2019-14899
A vulnerability was discovered in Linux, FreeBSD, OpenBSD, MacOS, iOS, and Android that allows a malicious access point, or an adjacent user, to determine if a connected user is using a VPN, make positive inferences about the websites they are visiting, and determine the correct sequence and acknowledgement numbers in use, allowing the bad actor to inject data into the TCP stream. This provides everything that is needed for an attacker to hijack active connections inside the VPN tunnel.
Products affected by CVE-2019-14899
- cpe:2.3:o:freebsd:freebsd:-:*:*:*:*:*:*:*
- cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*
- cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*
- cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*
- cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*
- cpe:2.3:o:apple:macos:11.0:*:*:*:*:*:*:*
- cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*
- cpe:2.3:o:openbsd:openbsd:-:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2019-14899
0.08%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 35 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2019-14899
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
4.9
|
MEDIUM | AV:A/AC:M/Au:S/C:P/I:P/A:P |
4.4
|
6.4
|
NIST | |
7.4
|
HIGH | CVSS:3.0/AV:A/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H |
1.5
|
5.9
|
Red Hat, Inc. | |
7.4
|
HIGH | CVSS:3.1/AV:A/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H |
1.5
|
5.9
|
NIST |
CWE ids for CVE-2019-14899
-
The product does not adequately verify the identity of actors at both ends of a communication channel, or does not adequately ensure the integrity of the channel, in a way that allows the channel to be accessed or influenced by an actor that is not an endpoint.Assigned by: secalert@redhat.com (Primary)
References for CVE-2019-14899
-
http://seclists.org/fulldisclosure/2020/Dec/32
Full Disclosure: APPLE-SA-2020-12-14-4 Additional information for APPLE-SA-2020-11-13-1 macOS Big Sur 11.0.1Mailing List;Third Party Advisory
-
https://openvpn.net/security-advisory/no-flaws-found-in-openvpn-software/
No flaws found in OpenVPN software | OpenVPNThird Party Advisory
-
http://www.openwall.com/lists/oss-security/2021/07/05/1
oss-security - Re: Blind in/on-path attacks against VPN-tunneled connections (CVE-2019-14899 follow-up)Mailing List;Third Party Advisory
-
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14899
1774905 – (CVE-2019-14899) CVE-2019-14899 VPN: an attacker can inject data into the TCP stream which allows a hijack of active connections inside the VPN tunnelIssue Tracking;Third Party Advisory
-
http://www.openwall.com/lists/oss-security/2020/10/07/3
oss-security - Re: [CVE-2019-14899] Inferring and hijacking VPN-tunneled TCP connections.Mailing List;Third Party Advisory
-
http://seclists.org/fulldisclosure/2020/Jul/23
Full Disclosure: APPLE-SA-2020-07-15-1 iOS 13.6 and iPadOS 13.6Mailing List;Third Party Advisory
-
http://seclists.org/fulldisclosure/2020/Jul/25
Full Disclosure: APPLE-SA-2020-07-15-3 tvOS 13.4.8Mailing List;Third Party Advisory
-
https://support.apple.com/kb/HT211850
About the security content of iOS 14.0 and iPadOS 14.0 - Apple SupportThird Party Advisory
-
https://support.apple.com/kb/HT211290
About the security content of tvOS 13.4.8 - Apple SupportThird Party Advisory
-
https://support.apple.com/kb/HT211288
About the security content of iOS 13.6 and iPadOS 13.6 - Apple SupportThird Party Advisory
-
https://support.apple.com/kb/HT211289
About the security content of macOS Catalina 10.15.6, Security Update 2020-004 Mojave, Security Update 2020-004 High Sierra - Apple SupportThird Party Advisory
-
http://www.openwall.com/lists/oss-security/2020/08/13/2
oss-security - Blind in/on-path attacks against VPN-tunneled connections (CVE-2019-14899 follow-up)Mailing List;Third Party Advisory
-
https://support.apple.com/kb/HT211931
About the security content of macOS Big Sur 11.0.1 - Apple SupportThird Party Advisory
-
http://seclists.org/fulldisclosure/2020/Nov/20
Full Disclosure: APPLE-SA-2020-11-13-3 Additional information for APPLE-SA-2020-09-16-1 iOS 14.0 and iPadOS 14.0Mailing List;Third Party Advisory
-
http://seclists.org/fulldisclosure/2020/Jul/24
Full Disclosure: APPLE-SA-2020-07-15-2 macOS Catalina 10.15.6, Security Update 2020-004 Mojave, Security Update 2020-004 High SierraMailing List;Third Party Advisory
Jump to